topic Re: NetFlow issue in Routing and SD-WAN

NetFlow issue

CiscoBrownBelt — Thu, 23 Apr 2020 01:29:22 GMT

See attachment of simple topology.

So if the Solarwinds or whatever application you are sending NetFlow stats from a router is reachable via the router's Mgmt Int vrf which is assigned to G1 (so it pings 10.1.1.1 only sourcing from mgmt vrf), that should not be a problem correct as NetFlow is still not sending any statistics, nor can I add it to Solarwinds? I have the FlowMonitor input activated under a different interface that I want to see data from and not on the interface the Mgmt interface is assigned to.

Making sure I am not missing anything since the Router 1 is setup this way with reachability to the Solarwinds/NetFlow exporter via mgmt VRF.

Also if I remember, 1 sh flow exporter statistics does not show anything.

Re: NetFlow issue

Francesco Molino — Thu, 23 Apr 2020 02:27:59 GMT

Hi

Can you share your config please?

Have you tried capturing traffic on your switch to see if netflow packets are hitting the switch?

Re: NetFlow issue

CiscoBrownBelt — Thu, 07 May 2020 18:54:26 GMT

This is basically the config. It is actually showing statistics however nothing is showing up in Solarwinds. SNMP to Solarwinds works for the device if that helps.

flow record Flow-Record1
description Netflow to SW
match ipv4 source address
match ipv4 destination address
match ipv4 protocol
match transport source-port
match transport destination-port
match transport tcp destination-port
match transport udp destination-port
match ipv4 tos
match interface input
match interface output
collect interface input
collect interface output
collect counter packets
collect timestamp sys-uptime first
collect timestamp sys-uptime last
collect timestamp absolute first
collect counter packets
collect application name
collect counter bytes long
collect counter packets long

More Options if needed:
collect routing source as
!
!
flow exporter Flow-Exporter1
destination 10.1.1.1 (dest 10.1.1.1 vrf-mgmt does not work either)
source int g0/1
export-protocol netflow-v9
transport udp 2055
template data timeout 60
option application-table timeout 60
option application-attributes timeout 300
!
!
flow monitor Flow-Monitor1
exporter Flow-Exporter1
cache timeout active 60
record Flow-Record1

int g0/1

ip flow monitor Flow-Monitor1 input

Re: NetFlow issue

Giuseppe Larosa — Thu, 23 Apr 2020 15:15:11 GMT

Hello @CiscoBrownBelt ,

I apologize if I put a dumb question:

have you configured the flow monitor under interfaces on the device inbound or outbound?

Hope to help

Giuseppe

Re: NetFlow issue

CiscoBrownBelt — Thu, 23 Apr 2020 16:43:23 GMT

Yes. Would source from mgmt interface have anything to do with it? I read that is not supported for ASR or something like that. The thing is, what if connected to the switch where the NetFlow collector resides has reachability through the mgmt vrf? I would have to make routing updates or changes.

Re: NetFlow issue

Francesco Molino — Fri, 24 Apr 2020 02:40:39 GMT

Yes now you're mentioning it, i remember this is a limitation. Here the for Fuji saying not supported:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/netflow/configuration/xe-16-9/nf-xe-16-9-book/cfg-nflow-data-expt-xe.html#GUID-E8176824-AEC3-4A1D-9432-B70F67E2B776

Create a loopback and use it as source of the exporter within the same vrf.

Re: NetFlow issue

CiscoBrownBelt — Sat, 25 Apr 2020 13:21:41 GMT

Yes thanks!
It says not supported through management interface so I believe G0 is the management interface VRF on these ASRs.
Since you say create Lo and source still out the mgmt VRF that would work even though its still through the mgmt vrf (just so I am understanding correctly)?
It appears that this mgmt restriction applies to just version 9 no? Think trying version 8 or 5 may work?

Re: NetFlow issue

Francesco Molino — Mon, 27 Apr 2020 00:02:47 GMT

Yes it's not supported through the management OOB physical interface. But in the config, you can have a loopback or any other physical interface from the mgmt vrf and it should work.

Re: NetFlow issue

CiscoBrownBelt — Mon, 27 Apr 2020 15:11:31 GMT

Think trying version 8 or 5 may work?

Re: NetFlow issue

Francesco Molino — Mon, 27 Apr 2020 18:12:37 GMT

Go with netflow version 9 but yes both should work

Re: NetFlow issue

CiscoBrownBelt — Tue, 05 May 2020 15:53:07 GMT

So if a router only has connectivity to the switch where the NetFlow server lives via a interface assigned to mgmt vrf, exporting even using a different interface is still not working (Cisco says export via mgmt interface is not supported). I assume its because reach-ability only exists via the mgmt vrf. Do you think its the case?
Normal SNMP to server is fine.

Re: NetFlow issue

CiscoBrownBelt — Tue, 05 May 2020 20:25:36 GMT

Re: NetFlow issue

Francesco Molino — Wed, 06 May 2020 02:58:32 GMT

Normally it should not work if sourcing with the physical management interface but it should work sourcing with a loopback sitting in the mgmt-vrf. If not working, I suggest you open a TAC case because doc doesn't say using the mgmt VRF wouldn't work.

Re: NetFlow issue

CiscoBrownBelt — Wed, 06 May 2020 20:39:03 GMT

I am actually trying to source from the same interace NetFlow input is activated on as it is the only other interface I can use (I corrected source above).
I tied adding "Destination 10.1.1.1 vrf mgmt" as well however it still does not work. Do you think it is because i am trying to source from same interface it is turned on which is the interface I need to see data?

Re: NetFlow issue

grabonlee — Wed, 06 May 2020 22:13:48 GMT

It well documented that Netflow won't work with Gig0 (Mgmt Vrf) as the source interface and as you said, you don't have spare interfaces.

If you have SVIs, then you can source from an SVI or create a loopback. If you want to put any of your source interfaces in a VRF, add the following on your exporter config and test:

destination x.x.x.x vrf vrf_name
source vlan or loopback

Re: NetFlow issue

grabonlee — Thu, 07 May 2020 14:06:56 GMT

@CiscoBrownBelt

Looking back to your Netflow config, the ip flow monitor Flow-Monitor1 input shouldn't be on the same port used as the source interface. It should on the interfaces or VLAN (using the VLAN vlan_id configuration command) that you want to monitor. Also Gi0/1 should be part of the VRF that you used.

Re: NetFlow issue

CiscoBrownBelt — Thu, 07 May 2020 18:53:16 GMT

"Looking back to your Netflow config, the ip flow monitor Flow-Monitor1 input shouldn't be on the same port used as the source interface." Yes that is what i thought. Thing is, I don't have another port to source from other than the mgmt port so creating a loopback may be the best option and adding the loopback under the mgmt vrf correct?

" It should on the interfaces or VLAN (using the VLAN vlan_id configuration command) that you want to monitor. Also Gi0/1 should be part of the VRF that you used."
Not sure what you mean? FlowMon is on G0/1 which is what I want to monitor. Source vrf-mgmt does not work and g0/1 is only port available other than creating a loopback.Create loopback and add it to the mgmt-vrf correct?

Re: NetFlow issue

grabonlee — Thu, 07 May 2020 19:34:38 GMT

Yes, create loopback and add it to the vrf. That would be your source and the destination to Solarwinds would also point to the vrf. The Gi0/1 would have the ip flow monitor command.

I mentioned VLANs, as I don't know if you have an L3 Switch with VLANs or L3 VLANs, which you want to monitor.

Re: NetFlow issue

CiscoBrownBelt — Thu, 07 May 2020 23:46:34 GMT

Hi it is a Cisco ASR which does not support export via mgmt interface.
It is a vrf-mgmt under the actual mgmt interface which has the route back to the collector. So if I create a lo0 and add it to that same vrf-mgmt it will work?

Re: NetFlow issue

grabonlee — Fri, 08 May 2020 01:53:07 GMT

Yea it should work